Basic knowledge of 'post-quantum cryptography' that the general public should know in the coming era of quantum computers



Research institutes and companies around the world are competing to develop

quantum computers that can solve problems that are too complex for conventional computers to solve, and some researchers claim that quantum computers are already capable of breaking RSA encryption. The National Institute of Standards and Technology (NIST) has compiled a FAQ about quantum computers, which are said to be only a matter of time before they appear, and ' post-quantum cryptography (PQC),' which is being developed to counter quantum computer-based encryption.

·table of contents
◆1: What is quantum computing in the first place?
◆2: What is a post-quantum encryption algorithm?
◆3: What is the difference between “post-quantum cryptography” and “quantum cryptography”?
◆4: Why are such dangerous quantum computers being developed?
◆5: Current encryption technology and how quantum computers can decrypt it
◆6: How will post-quantum cryptography be useful?
◆7: Why are we developing post-quantum cryptography now?
◆8: What does “collect now, decode later” mean?
◆9: What are the future developments for post-quantum cryptography?

◆1: What is quantum computing in the first place?
Quantum computers are devices that use different scientific concepts than classical computers and can exploit the counterintuitive properties of quantum computers - such as the ability of a single bit of data to simultaneously take on values of 0 and 1 - to perform calculations that are difficult or impossible with classical computers.

The task of 'computing many potential solutions to a problem in parallel to derive the correct answer' requires 'simultaneous computation and sifting,' which cannot be done efficiently by conventional computers. On the other hand, a quantum computer can perform the task efficiently and quickly derive the correct answer.



◆2: What is a post-quantum encryption algorithm?
Current encryption algorithms, which protect sensitive electronic information like emails, messages and medical records from unauthorized viewers, have long protected data from attacks by traditional computers that try to break the encryption. But quantum computers could potentially break those algorithms and expose our digital secrets.

Countering this threat requires encryption techniques that can thwart cyberattacks from both classical and quantum computers – these are known as post-quantum cryptographic algorithms.

◆3: What is the difference between “post-quantum cryptography” and “quantum cryptography”?
According to NIST, although the names are similar, post-quantum cryptography and quantum cryptography are actually completely different. First of all, post-quantum cryptography is designed to counter the potential threat of cyber attacks by quantum computers, and is based on very historic mathematical techniques dating back to ancient Greece, such as elliptic curves.

On the other hand, quantum cryptography is based on quantum physics, which emerged in the 20th century, and is a field that aims to realize new and secure encryption technology that exploits the counterintuitive properties of quantum mechanics. Like post-quantum cryptography, quantum cryptography is also seen as a promising countermeasure against cyber attacks using quantum computers, but the principles are very different.



◆4: Why are such dangerous quantum computers being developed?
While quantum computers could pose a threat to many systems protected by traditional encryption techniques if used in cyber attacks, they also have many beneficial uses.

For example, quantum computers have the potential to solve tasks that involve complex interactions of variables, making them ideal for drug development, simulating complex molecules, and solving the classic “

traveling salesman problem ” of finding the optimal route through multiple destinations.

The field of quantum computing is still in its infancy, and there are significant technological hurdles to overcome before a powerful quantum computer can be realized. Although we don't yet know what quantum computers will be like, the possibility of a powerful quantum computer is considered high, and if this happens, it will have a major impact on current encryption technology, so the world must prepare for such an eventuality, NIST points out.

◆5: Current encryption technology and how quantum computers can decrypt it
In conventional cryptographic algorithms, two very large prime numbers that can only be divisible by 1 and itself are chosen, and then multiplied together to create a large number. Multiplying prime numbers is easy, but conversely, figuring out which prime numbers were multiplied together is extremely difficult and time-consuming. These two numbers are called prime factors, and it has been estimated that for sufficiently large numbers, it would take billions of years for conventional computers to derive the prime factors.

However, a sufficiently powerful quantum computer could sift through the prime factors simultaneously, rather than one at a time, to arrive at the answer exponentially faster. Such devices are called 'Cryptographically Relevant Quantum Computers' (CRQCs), and they could potentially crack traditional encryption in days or even hours, rather than billions of years, putting everything from state secrets to bank accounts at risk.



◆6: How will post-quantum cryptography be useful?
According to NIST, to prevent attacks by quantum computers, systems around the world must abandon their current encryption algorithms and switch to post-quantum encryption algorithms that are difficult to crack by both conventional and quantum computers.

In preparation, NIST has selected four initial algorithms to standardize and has been leading the effort to develop them. Three of the four algorithms are based on a family of math problems called structured lattices, and one relies on a function called a hash function. Instead of factoring large numbers, these techniques use a different kind of math problem that experts believe would be difficult to solve on either quantum or classical computers.

These algorithms are designed for two major tasks where cryptography is commonly used: general encryption to protect information such as passwords exchanged over public networks, and digital signatures used for identity authentication. Additional algorithms for general encryption are also being considered, and this approach does not use structured lattices or hash functions.

NIST is developing standards that will provide multiple algorithms for different types of applications in case different situations require different approaches to encryption, or if one algorithm turns out to be weak.

◆7: Why are we developing post-quantum cryptography now?
At the time of writing, a sufficiently powerful quantum computer capable of breaking encryption has not yet been developed, and it is unclear how long it will take to put it into practical use, but some predictions suggest it could take less than 10 years.

Until now, it has taken 10 to 20 years for a new algorithm to become widespread after it is standardized. Therefore, to avoid the risk of existing encryption being broken by the advent of quantum computers, preparations will have to begin more than 10 years in advance.

'The world needs to plan ahead,' NIST said.



◆8: What does “collect now, decode later” mean?
One of the reasons we need to start protecting our data with post-quantum cryptography as soon as possible is the so-called “collect now, decrypt later” type of cyberattack.

This involves collecting data protected by encryption that is not yet decryptable, and then decrypting it when quantum computers become available in the future. This is viewed with caution as a useful method for obtaining confidential information that will retain its value in the future.

◆9: What are the future developments for post-quantum cryptography?
NIST launched its post-quantum cryptography project in 2016, soliciting 69 candidate algorithms from cryptography experts around the world and asking experts to crack them, narrowing down the number of candidates through a transparent process.

Four algorithms were then formally adopted in 2022, with three of them released as the first final standard in August 2024, and the remaining one scheduled for release in 2024.

The National Institute of Standards and Technology releases three final post-quantum cryptography standards: ML-KEM, ML-DSA, and SLH-DSA - GIGAZINE



'One of our missions is to develop standards that are broadly useful to everyone, not just to special companies or groups. Once standards are complete, they will be adopted by federal agencies and made available to the public, free of charge,' NIST said.

in Security, Posted by log1l_ks